Latest CVE Feed
-
9.8
CRITICALCVE-2020-10683
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any applic... Read more
- Published: May. 01, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-11058
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker... Read more
- Published: Sep. 14, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7053
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2010-0840
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE:... Read more
- Actively Exploited
- Published: Apr. 01, 2010
- Modified: Apr. 11, 2025
-
9.8
CRITICALCVE-2024-38077
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability... Read more
- Published: Jul. 09, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-11698
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions li... Read more
- Published: Nov. 26, 2024
- Modified: Jun. 24, 2025
-
9.8
CRITICALCVE-2018-7263
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may... Read more
Affected Products : libmad- Published: Feb. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-20067
In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issu... Read more
- Published: Jun. 03, 2024
- Modified: Apr. 25, 2025
-
9.8
CRITICALCVE-2023-36911
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-11646
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql ... Read more
Affected Products : beauty_parlour_management_system- Published: Nov. 25, 2024
- Modified: Nov. 25, 2024
-
9.8
CRITICALCVE-2024-11635
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.... Read more
Affected Products : wordpress_file_upload- Published: Jan. 08, 2025
- Modified: Mar. 13, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2024-11631
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /expedit.php. The manipulation of the argument expcat leads to sql injection. The attack may be in... Read more
Affected Products : tailoring_management_system- Published: Nov. 23, 2024
- Modified: Nov. 25, 2024
-
9.8
CRITICALCVE-2015-1276
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by l... Read more
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2018-7809
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.... Read more
- Published: Nov. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-11592
A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagetitle leads to sql injection. Th... Read more
Affected Products : beauty_parlour_management_system- Published: Nov. 21, 2024
- Modified: Dec. 10, 2024
-
9.8
CRITICALCVE-2022-2120
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.... Read more
Affected Products : dcmtk- Published: Jun. 24, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-14275
Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.... Read more
Affected Products : hcl_commerce- Published: Jan. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29155
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is pr... Read more
Affected Products : debian_linux h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware openldap h300s h410s h500s +4 more products- Published: May. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-14188
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.... Read more
Affected Products : jira_create- Published: Nov. 09, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-49287
TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.... Read more
Affected Products : tinydir- Published: Dec. 04, 2023
- Modified: Nov. 21, 2024